Bug 1413085

Summary: tigervnc-server segmentation fault
Product: Red Hat Enterprise Linux 7
Reporter: Yujen Juan <yjuan>
Component: tigervnc
Assignee: Jan Grulich <jgrulich>
Status: CLOSED NOTABUG
QA Contact: Desktop QE <desktop-qa-list>
Severity: high
Docs Contact:
Priority: unspecified
Version: 7.3
CC: jan.lavoie, troy.engel
Target Milestone: rc
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-01-30 06:19:02 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1393395
Attachments: log file of vncserver (Flags: none)

Description Yujen Juan 2017-01-13 15:24:10 UTC
Created attachment 1240375
log file of vncserver

Description of problem:

Segmentation fault when starting vncserver

Version-Release number of selected component (if applicable):

tigervnc.x86_64                      1.3.1-9.el7             @rhel-7-server-rpms
tigervnc-icons.noarch                1.3.1-9.el7             @rhel-7-server-rpms
tigervnc-license.noarch              1.3.1-9.el7             @anaconda/7.3
tigervnc-server.x86_64               1.3.1-9.el7             @rhel-7-server-rpms
tigervnc-server-minimal.x86_64       1.3.1-9.el7             @anaconda/7.3

How reproducible:

Segmentation faults every time

Steps to Reproduce:
1. run "vncserver -geometry 1280x1024"
2.
3.

Actual results:

Xvnc TigerVNC 1.3.1 - built Sep 13 2016 10:00:38
Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)
See http://www.tigervnc.org for information on TigerVNC.
Underlying X server release 11702000, The X.Org Foundation


Thu Jan 12 17:22:43 2017
 vncext:      VNC extension running!
 vncext:      Listening for VNC connections on all interface(s), port 5901
 vncext:      created VNC server for screen 0
(EE) 
(EE) Backtrace:
(EE) 0: /usr/bin/Xvnc (xorg_backtrace+0x55) [0x5ba9f5]
(EE) 1: /usr/bin/Xvnc (0x400000+0x1be9d9) [0x5be9d9]
(EE) 2: /usr/lib64/libpthread.so.0 (0x7f7cedcb8000+0xf370) [0x7f7cedcc7370]
(EE) 3: /lib64/ld-linux-x86-64.so.2 (0x7f7cefa16000+0x5c09) [0x7f7cefa1bc09]
(EE) 4: /lib64/ld-linux-x86-64.so.2 (0x7f7cefa16000+0x836b) [0x7f7cefa1e36b]
(EE) 5: /lib64/ld-linux-x86-64.so.2 (0x7f7cefa16000+0x13684) [0x7f7cefa29684]
(EE) 6: /lib64/ld-linux-x86-64.so.2 (0x7f7cefa16000+0xeff4) [0x7f7cefa24ff4]
(EE) 7: /lib64/ld-linux-x86-64.so.2 (0x7f7cefa16000+0x12feb) [0x7f7cefa28feb]
(EE) 8: /usr/lib64/libdl.so.2 (0x7f7ceee3e000+0xfbb) [0x7f7ceee3efbb]
(EE) 9: /lib64/ld-linux-x86-64.so.2 (0x7f7cefa16000+0xeff4) [0x7f7cefa24ff4]
(EE) 10: /usr/lib64/libdl.so.2 (0x7f7ceee3e000+0x15bd) [0x7f7ceee3f5bd]
(EE) 11: /usr/lib64/libdl.so.2 (dlopen+0x31) [0x7f7ceee3f051]
(EE) 12: /usr/lib64/dri/swrast_dri.so (0x7f7ce63e3000+0x37d214) [0x7f7ce6760214]
(EE) 13: /usr/lib64/dri/swrast_dri.so (0x7f7ce63e3000+0x66d530) [0x7f7ce6a50530]
(EE) 14: /usr/lib64/dri/swrast_dri.so (0x7f7ce63e3000+0x968e0) [0x7f7ce64798e0]
(EE) 15: /usr/lib64/dri/swrast_dri.so (0x7f7ce63e3000+0x41dbd2) [0x7f7ce6800bd2]
(EE) 16: /usr/lib64/dri/swrast_dri.so (0x7f7ce63e3000+0x31946c) [0x7f7ce66fc46c]
(EE) 17: /usr/lib64/dri/swrast_dri.so (0x7f7ce63e3000+0x317042) [0x7f7ce66fa042]
(EE) 18: /usr/bin/Xvnc (0x400000+0x8e040) [0x48e040]
(EE) 19: /usr/bin/Xvnc (GlxExtensionInit+0x16a) [0x48d45a]
(EE) 20: /usr/bin/Xvnc (InitExtensions+0x43) [0x44d683]
(EE) 21: /usr/bin/Xvnc (dix_main+0x210) [0x56d910]
(EE) 22: /usr/lib64/libc.so.6 (__libc_start_main+0xf5) [0x7f7cecdbab35]
(EE) 23: /usr/bin/Xvnc (0x400000+0x4adba) [0x44adba]
(EE) 
(EE) Segmentation fault at address 0x7f7cefc35de0
(EE) 
Fatal server error:
(EE) Caught signal 11 (Segmentation fault). Server aborting
(EE) 


Expected results:


Additional info:

Comment 2 Jan Grulich 2017-01-16 13:13:53 UTC
Useless backtrace; will probably be fixed by doing a rebase.

Comment 3 jan.lavoie 2017-01-27 20:54:56 UTC
We've run into this where I work. We diagnosed it to be linked to invalid entries in LD_LIBRARY_PATH in our particular case. Obviously, it may be due to something else, so your mileage may vary.

Hope this helps.

Comment 4 Yujen Juan 2017-01-27 21:10:13 UTC
That did it.  Thank you!  It turned out that I had set LD_LIBRARY_PATH to have a non-existent path.  Removing it did the trick.

Comment 5 troy.engel 2017-04-17 17:39:08 UTC
This is a bug added from the upgrade of tigervnc from 1.3.1-4.el7_2 (RHEL 7.2) to 1.3.1-9.el7 (RHEL 7.3); if you yum downgrade tigervnc* to 1.3.1-4.el7_2 it then works as expected, as well as fixing LD_LIBRARY_PATH noted above as an alternate workaround.

As my debug trace files include sensitive information, I'll open an issue on our Red Hat account and ask it be linked to this public BZ with a sosreport and so forth, as bz#1326867 is private and we cannot see the actual changes (I suspect it's this one).

Here's a quick snippet of what I see in the RPM changelog between the two:

====
* Tue Sep 13 2016 Adam Jackson <ajax> - 1.3.1-9
- Force DT_RUNPATH to point to Mesa's libGL
  Resolves: bz#1326867

* Thu Jun 02 2016 Jan Grulich <jgrulich> - 1.3.1-8
- Make other security types work
  Resolves: bz#1341969

* Wed May 25 2016 Jan Grulich <jgrulich> - 1.3.1-7
- Restore default behaviour to listen on TCP
  Resolves: bz#1304646

* Tue May 24 2016 Jan Grulich <jgrulich> - 1.3.1-6
- Do not fail to bind a network socket
  Resolves: bz#1332575
- Do not die when port is already taken
  Resolves: bz#1322155

* Thu Mar 24 2016 Jan Grulich <jgrulich> - 1.3.1-5
- Update comments in vncserver configuration file example
  Resolves: bz#1295275
====

In our case, the LD_LIBRARY_PATH is pre-prepared in the user's (oracle) environment to start an Oracle installation, adding a directory in a custom path to it that has not yet been added/created by the Oracle installation process.
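
A way to check an account's environment for the condition described in comments 3 to 5 (an LD_LIBRARY_PATH entry that points at a directory that does not exist), as an added example that is not part of the original bug report or of tigervnc. The function names are hypothetical; the script only reports and filters entries and does not touch the underlying loader bug.

```shell
#!/bin/sh
# Added example: audit an LD_LIBRARY_PATH-style value for the kind of entry
# the commenters traced this crash to (a directory that does not exist).
# Function names are hypothetical.

# classify_entry ENTRY -> prints ok | empty | relative | missing | notdir
classify_entry() {
    if [ -z "$1" ]; then
        echo empty      # ld.so treats a zero-length entry as the current directory
    elif [ "${1#/}" = "$1" ]; then
        echo relative   # resolved against whatever directory the process starts in
    elif [ ! -e "$1" ]; then
        echo missing    # the case reported in this bug
    elif [ ! -d "$1" ]; then
        echo notdir
    else
        echo ok
    fi
}

# audit_lib_path VALUE -> prints "status<TAB>entry" for every entry that is not ok
audit_lib_path() {
    [ -n "$1" ] || return 0
    _rest="$1:"         # sentinel colon so the last entry is processed too
    while [ -n "$_rest" ]; do
        _entry=${_rest%%:*}
        _rest=${_rest#*:}
        _status=$(classify_entry "$_entry")
        [ "$_status" = ok ] || printf '%s\t%s\n' "$_status" "$_entry"
    done
}

# clean_lib_path VALUE -> prints VALUE with only the ok entries kept, order preserved
clean_lib_path() {
    [ -n "$1" ] || return 0
    _rest="$1:"; _out=
    while [ -n "$_rest" ]; do
        _entry=${_rest%%:*}
        _rest=${_rest#*:}
        if [ "$(classify_entry "$_entry")" = ok ]; then
            _out=${_out:+$_out:}$_entry
        fi
    done
    printf '%s\n' "$_out"
}

# Audit the value the current shell would hand to vncserver.
audit_lib_path "${LD_LIBRARY_PATH:-}"
```

Run it as the user that starts vncserver, since the variable is usually set in that account's profile; the empty and relative classes are reported as well because they make library lookup depend on the working directory.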

Comment 6 troy.engel 2017-04-18 20:26:53 UTC
Hi Florian, thanks for the reminder - I worked on this in the Red Hat case internally and forgot to update here for the casual readers; the root cause does appear to be the glibc bug as you just added, it's just by accident that this update to tigervnc has exposed it. I'm working with our RH case to get it onto the roadmap for engineering and a future Errata some day. I tracked down the upstream commit fixing it after finding the patch on a mailing list post from 2014.

https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=elf/dl-load.c;h=41b91fcc86664b39ea8c0ce5ed35109ab494c925;hp=73174aa424af178c591cd55c549db292db459ebf;hb=9317ea653afc26402387cac67042f9890af6add2;hpb=bea58013607c6507108bc73744a0bf63d735f259